--- /dev/null
+#!/usr/bin/python -tt
+# sign/list keys
+# --sign hostname hostname hostname
+# --list # lists all csrs needing to be signed
+# --list-all ?
+# --clean? not sure what it will do
+
+import sys
+import glob
+import os
+
+import func
+import func.certs
+import func.certmaster
+
+
+
+from optparse import OptionParser
+
+def errorprint(stuff):
+ print >> sys.stderr, stuff
+
+
+def parseargs(args):
+ usage = 'certmaster-ca <option> [args]'
+ parser = OptionParser(usage=usage)
+
+ parser.add_option('-l', '--list', default=False, action="store_true",
+ help='list signing requests remaining')
+ parser.add_option('-s', '--sign', default=False, action="store_true",
+ help='sign requests of hosts specified')
+ parser.add_option('-c', '--clean', default=False, action="store_true",
+ help="clean out all certs or csrs for the hosts specified")
+
+ (opts, args) = parser.parse_args()
+
+
+ if not opts.list and not opts.sign and not opts.clean:
+ parser.print_help()
+ sys.exit(1)
+
+ return (opts, args)
+
+def main(args):
+ if os.geteuid() != 0:
+ errorprint('Must be root to run certmaster-ca')
+ return 1
+
+ cm = func.certmaster.CertMaster()
+
+ (opts, args) = parseargs(args)
+
+
+ if opts.list:
+ hns = cm.get_csrs_waiting()
+ if hns:
+ for hn in cm.get_csrs_waiting():
+ print hn
+ else:
+ print 'No certificates to sign'
+
+ return 0
+
+ if opts.sign:
+ if not args:
+ errorprint('Need hostnames to sign')
+ return 1
+
+ for hn in args:
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ if not csrs:
+ errorprint('No match for %s to sign' % hn)
+ return 1
+
+ for fn in csrs:
+ certfile = cm.sign_this_csr(fn)
+ print '%s signed - cert located at %s' % (fn, certfile)
+ return 0
+
+ if opts.clean:
+ if not args:
+ errorprint('Need hostname(s) to clean up')
+ return 1
+
+ for hn in args:
+ cm.remove_this_host(hn)
+
+ return 0
+
+if __name__ == "__main__":
+ sys.exit(main(sys.argv[1:]))
projects / certmaster.git / blobdiff